Gen Agent Trust Hub audit: skills/derklinke/codex-config/design

Skill: design

Verdict: Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH

Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file explicitly instructs the agent to execute shell commands using python3 to run internal scripts (e.g., search.py). This allows the skill to execute code locally within the agent's environment.
  • [DATA_EXFILTRATION]: The skill's persistence feature in tools/uiux-corpus/scripts/design_system.py is vulnerable to path traversal. The persist_design_system function uses user-provided strings for project and page names to construct file paths without sanitizing for traversal sequences like `..`. This could permit writing or overwriting files outside the intended design-system/ directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of untrusted data and workspace-writing capabilities.
      • Ingestion points: User-provided queries enter the context via CLI arguments in search.py.
      • Boundary markers: Absent; there are no delimiters or warnings to ignore embedded instructions in the processed data.
      • Capability inventory: The skill uses subprocess calls to execute Python scripts and has file-writing capabilities via the open() function in design_system.py.
      • Sanitization: Absent; external content is interpolated into prompts and file paths without escaping or validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 21, 2026, 09:42 AM